Robert - ETHERNET Architect
Ref : 040917R001-
1652 ALSEMBERG (Belgium)
Project manager, Technical writer, Architect (69 years old)
Freelance
PROFESSIONAL EXPERIENCES
From June 2021 to November 2021 DKV-ERGO (BE)
Challenge Business Analyst IAM-PAM
Achievement Non-Disclosure clauses
Identity & Access Management / Privileged Access Management
1. Increasing the ERGO & DKV Cyber Security Maturity up to the level expected by the Management Committee;
2. Cyber Security Maturity Levels to be reached are a key part of the functional requirements;
3. Complying with Group and local (ERGO & DKV) ISMS policies and Belgian laws and regulations (GDPR, …);
4. Enable ERGO & DKV data to be protected and processed more securely;
5. Improving control on Identities and their Access Rights;
6. Consolidated view on Access Rights of all users allowed to access and process ERGO & DKV data (employees, business partners, customers and privileged users);
7. Enforcing key processes & principles (Joiner, Mover & Leaver processes, Recertification processes; Least privilege & need to know principles, Segregation Of Duties);
8. Access rights granted and revoked automatically and reviewed regularly;
9. Providing evidence that the processes are running efficiently;
10. KPIs and KRIs will be provided (alignment with project Cyber Risk Metrics and Reporting);
11. Enabling closing of IAM & PAM related Audit findings;
Bringing added value for the Business:
12. Adding visibility on users' access rights;
13. Simplifying and securing users access rights management;
14. Logging & Monitoring of users access rights management activities;
15. Logging & Monitoring of privileged users activities;
16. Providing evidence;
17. Automating joiner, mover and leaver processes;
18. Automating (re)certification processes;
19. Opportunity to improve end-user experience:
20. Request & approval;
21. Single Sign On;
22. Self services (registration, password reset, …).
From July 2020 to January 2021 Personal project (HU)
From January 2020 to May 2020 GSK (BE)
Challenge Risks Assessment Coordinator
Achievement Non-Disclosure clauses
Several risk assessments on critical platforms / applications (SOX / Confidentiality and Sensitive Information).
Cyber Security Training
From May 2019 to Sept 2019 CARREFOUR (BE)
Challenge RFP SIEM-SOC
Achievements Project Manager SIEM-SOC (including CAPEX-OPEX)
Cloud Azure
23. Vulnerabilities assessment (Using EBIOS)
24. Security configuration enhancement
Agile
RFP blueprint acceptance by the people concerned.
RFP drafting.
Supplier’s NDA signature
Q&A supplier’s consolidation
Supplier’s answers scoring
Supplier’s solution oral presentation
Supplier’s solution oral presentation scoring
Shortlisted suppliers involved in POCs
POC’s scoring
Supplier commitment to phasing implementation.
25. QUA + Tests
26. PRD + Tests
27. Roll-out
From Jan 2017 to August 2019 FLUXYS (BE)
Challenge SIEM - SOC (Security Operation Center) Management Responsible
Achievements Vulnerabilities Management (Non-Disclosure clauses)
D.L.P (Data Leakage Protection / Data Loss Prevention)
CyberArk
28. PAM (Privileged Access Management)
29. PSM (Privileged Session Manager)
30. PAS (Privileged Access Security)
31. PVWA (Password Vault Web Access)
32. EPV (Enterprise Password Vault)
33. Training-Awareness
Methodology Scrum-Agile
Using Qualys
34. Vulnerabilities scanning
35. Policy Compliance (CIS) scanning
36. Risks acceptance / mitigation process (based on CVSS rating / Risk appetite)
37. Asset discovery
ITSM Omnitracker
Hardening (operating system / data base / security nodes)
Vulnerabilities Reporting (weekly / Monthly / ad-hoc)
Metrics
38. Dashboard
39. KPIs
Firewall logs analysis
Mobile device (smartphone, tablet) management using XEN
AV solution log analysis (workstations / servers)
OMADA (IAM)
40. Business
1. Business role model
2. Entitlement Model
3. Business Role Model enforcement
4. Business Modeling Proof Of Concept
5. RACI Grid
41. Operational
1. Grid (SOLL-IST) periodic control
2. Role / Profile creation / deletion / approval
3. SAP access review
4. Segregation Of Duty
5. IAM SPOC (Life cycle, update, issues…etc.)
6. Daily check sync failure (ITSM, AD, HR…)
SCADA Environment
42. AV solution decommissioning / commissioning
P.K.I (Private Keys Infrastructure Management)
43. Certificates Management
44. Central Directory / Keys storing
45. LCM (life cycle management)
Cloud AZURE
46. Exchange and Office 365 risks assessment
47. Daily check issue (Office 365, Exchange)
48. End-users Azure Training
NIS / ENISA
CSC (Critical Security Controls) implementation objective.
Security awareness for end-users (phishing, ransomware, malware, etc.)
Threats management: IoC (Indicator of Compromise), APT (Advanced Persistent Threat), etc.
DRP
49. DRP plan peer reviewer
Daily and project tasks: managing security alerts as daily tasks and, in some cases, new project kick-offs.
Incident Response tasks :
50. Fortinet sandbox events (FSA) – False Positive assessment.
51. AV solutions events.
52. End-user incidents (managed within an SLA for VIPs).
53. IoC (indicators of compromise). This risk was treated as soon as a CERT communicated it to me.
54. S.O.D (segregation of duties) alert from RBAC.
55. IAM sync failure
56. SCCM upgrade
57. Failure Mobile incident
58. etc.
ITSM (IT Service Management)
59. Process / procedure creation / enhancement package implementation
Cloud Azure
60. Vulnerabilities assessment
61. Security configuration enhancement
Projects security alert tasks
62. Patching failure management (for unknown reasons SCCM patching failed)
63. Ransomware / malware alerts
64. Meltdown and Spectre Intel buffer vulnerabilities
65. Vulnerabilities (findings) with Qualys scan
66. Partner Exchange with low web certificate ratings: request to obtain an A rating.
67. Weak protocols (SSL 1 or 2, FTP, SNMP v1 or 2, SSH 1, etc.) end of life
68. etc.
From October to December 2016
Mission to ING (BE)
Challenge ISRM / Audit
Achievements OSG’s Control
Analyse critical OSGs
Addendum template
Collect relevant information
IAM grid (SOLL-IST) user access
Monitoring (TSCM / SEM) audit
SoX controls audit
From Dec 2015 to August 2016
Mission to Puilaetco Dewaay Private Bankers (BE)
Challenge ISRM / Security Officer
Achievements BIA / DRP / Access Control / Risks Analysis
BIAs update
DRP
69. Prepare test
70. Post-mortem actions
SoX section 404
MiFID 2
Users Access Control
60. Applications
61. Remote connection
Applications RA
May 2015 to September 2015
Mission to PROXIMUS (BE)
Challenge Cyber Defence Project (answer a tender / Non-disclosure agreement)
Achievements Risks Assessments / Governance / Solution Architect
Alignment with EU Council Decisions
NOC / SOC / SIEM /APT
SSRS / SECOPS / SOP drafting
Nov 2014 to March 2015
Mission to CONSIG-VILL (HU)
Challenge PM / Risk Assessor
Achievements Several IT projects
Solution Architect : Industrial Firewall Implementation
Infrastructure design : DMS project
Feb 2014 to June 2014
Mission to CONSIG-VILL (HU)
Challenge Risk Assessor
Achievements Several IT projects
Enhance Security in SCADA Environment
Oct 2013 to Dec 2013
Mission to GDF-SUEZ (BE)
Challenge Risk Assessor
Achievements Several IT projects
PKI Infrastructure
Wi-Fi Secure guest access
Mobility (smartphone)
Confidentiality compliance
Sept 2012 to Oct 2013
Mission to ABN AMRO Bank (NL)
Challenge ISRM / Risk Assessor
Achievements Several IT projects
Application Risks Assessment.
62. Using EBIOS for ABN-AMRO subsidiary company in France.
63. Web-Services
64. E-banking
65. PCI-DSS
66. BC / BM SEPA
SAN NAS
Virtualization
Define mitigation with business collaboration
Risk follow-up
Pentest Coordinator
Wi-Fi Assessment
SoX section 404
Technical writer / Peer reviewer
June 2012 to July 2012
Mission to PARTENA (BE) Insurance
Challenge Hardening Web Services
Achievements IT Security & Risk Management
Pentest (white Box)
Vulnerability identification
Risk mitigation
June 2011 to May 2012
Mission to ETHIAS Insurance (BE)
Challenge IT Security Architect & Risk Management
Achievements Several Projects
Network Segregation
Architecture Security Solution
BlackBerry Infrastructure Security Policy (BES)
Risks Identifications
Risks Assessment
Risks Mitigation
BIA / BCP
Awareness campaign (End-User, Responsible, Developers)
Writing Directives compliance with ISO 27002
Wi-Fi Extension
Regulation alignment FSMA
Web Services Security (OWASP top 10, CWE)
Risk Reporting analysis (Malware, Incidents, etc.)
Hardening existing Policy
Confidentiality, Integrity, Availability
Jan 2012 – March 2012
Mission to NRB (BE) Infrastructure Management
Challenge DRP / BCP management
Achievements DRP / BCP Management & Risk Management
Risks (Identifications, Assessment, Mitigation)
DRPs test planning & coordination
Mid Dec 2010 – mid-June 2011
Mission to BNP-PARIBAS-FORTIS (BE) Bank
Challenge ISRM (Information Security Risk Manager)
Achievements Network Solution Architect
Application Risks Assessment.
67. Web-Services
68. E-banking
69. PCI-DSS
Audit
VoIP Security Solution Architect
Wi-Fi Security Solution Architect
Network equipment recommendations
Network Segregation
Stakeholders interview
IDS / IPS
Awareness Campaign
Stakeholder Process implementation
Regulation alignment PCI-DSS / FSMA
Confidentiality, Integrity, Availability
Weekly team meetings responsible
Weekly workshop meeting with Architecture team
Sept 2010 – mid Dec 2010
Mission to DEXIA BANK (BE) Bank
Challenge IT Security Officer
Achievements IT Security & Risk Management
Home Working Secure Access
Web Applications Security (OWASP, Awareness Campaign)
Application Security (CWE, Awareness Campaign)
Secure Flow exchange PCI-DSS compliance
Secure Flow in/out exchange according Data Classification for the End-User
Risk Assessment
Risk Mitigation
Audits
Stakeholders interview
Mainframe confidential output data
Regulation alignment PCI-DSS / CBFA
Data classification recommendations
Confidentiality, Integrity, Availability
Other projects
July 2007 - June 2010
Mission to ELECTRABEL (BE) Power Plant
Challenge IT Security
Achievements Security Baseline & Hardening Security
Technical or Security document writer
Challenge Audit I.A.M _ R.B.A.C
Achievements Audit / Security
Strategic alignment with Business requirements
Stakeholders interview
Segregation Of Duty
Challenge Project Management
Achievements SCADA Access Security (Industrial Firewall Solution implementation)
RFP Blue Print
Benchmark
Proof Of Concept
Scoring, Weight, Reporting
Achievements Confidentiality, Integrity, HIGH Availability (Power Plant environment) Project Leader
B.I.A (Business Impact Analysis)
Confidentiality, Integrity, Availability
RA (Risks Assessment)
Stakeholders interview
Risks mitigation
Challenge Risks Assessor / Security Officer
Achievements Identify, and mitigate the risks impact
IRM (Incident Response Management) Malware, including RACI process
RM (Risks Management)
Process creation (RACI)
Policy writing
Technical Documents writing
Strategic alignment with Business requirements
Architecture Security Solution
RTO / RPO Definitions with stakeholders
Group Policy alignment
KPIs, Real Time SCADA
Legal Regulation alignment
March 2003 - June 2007
Mission to ELIA Group (Belgian electricity transmission grid) (BE)
Challenge IT GOVERNANCE / IT Architecture
Achievements Several Projects
IT Security
Policy writing
Technical Documents writing
SCADA Technical and infrastructure Architecture
Update existing Urbanism
S.O.C (Security Operations Centre) BCP / DRP
MEGA (Urbanism solution) Administrator
Process creation (RACI)
Change Management
Monitoring
Release Management
RM (Risks Management)
RA (Risks Assessment)
B.I.A (Business Impact Analysis)
IT Governance Policy
Stakeholder’s interview
Confidentiality, Integrity, Availability
Hardening SAP security
Group Policy alignment
Legal Regulation alignment
Budgetary Management
RTO / RPO Definitions with stakeholders
PKI
1. Kick-off
2. Blueprint
3. Recommendations
4. P.O.C
Awareness Campaign
Other projects
Jan 2002 - Feb 2003
Employer AXEN Consulting (BE) Consulting
Status Employee
Challenge Monitoring Solution / Implementation
Achievements Several Projects
Monitoring
Change Manager
Stakeholders interview
Security
Metrics KPIs, KRIs recommendations
Architecture
May 1995- Dec 2001
Employer GMG Technologies (FR) (Consulting)
Status Employee
Challenge PROJECT LEADER / NETWORK SUPERVISOR / SYSTEM / INTEGRATOR
Achievements SVS la Martiniquaise Group
1992- 1995
Employer HORIZON SYSTEM (FR) (Consulting)
Status Employee
Challenge NETWORK ADMINISTRATOR & TRAINER
1990-1992
Employer CONSTRUCTION DE l' OUEST (FR) (Building Firm)
Status Employee
Challenge Building coordinator
1984-1990
Employer HORIZON SYSTEM (FR) (Consulting)
Status Employee
Challenge Network Technician and Maintenance.
1978-1984
Employer REGIE-PRESSE (FR) (Marketing Firm)
Status Employee
Challenge Various bookkeeper functions
2014 Training Prince2 (Foundation + Practitioner)
2011 Certified in Risk and Information Systems Control (CRISC) ISACA Certification
2009 Boot Camp: Safety-Radioprotection-Security-Environment within nuclear environment CISSP Training
2006 Boot Camp CISM (ISACA)
2004 MEGA 2005 (I.S Architecture modeling)
2000-2001 DESMI/Master II of Compiègne Technology University (France): The Business Continuity Plan
2000 Linux Mandrake + Oracle course
1999 TCP/IP + SQL course
1997 MCPSE NT4 course
SKILLS
SOLUTION ARCHITECT
1. Visio
ARCHITECTURE
2. MEGA (TOGAF embedded, Archimate standard)
3. Urbanisation and Processes
4. Technical infrastructure
ACCESS MANAGEMENT
5. OMADA (IAM-RBAC)
6. TIM-TAM (TIVOLI)
7. CyberArk (PAM, PAS, PVWA, PSM, EPV)
8. PasswordState
9. Cloud (SaaS, IaaS, PaaS)
CHANGE MANAGEMENT
10. Omnitracker - ITSM (IT Service Management)
RISKS ASSESSMENT & SECURITY
11. Qualys (Vulnerability, Compliance, Asset discovery)
12. B.I.A
13. DRP / BCP (RTO / RPO )
14. Risks Assessment & Management
15. SAP Security
16. Incident Response (SIEM-SOC)
17. Cyber Defence
18. IoC (Indicator of Compromise)
19. CSC
20. SAP Information Lifecycle Management (SAP ILM)
21. Big Data Risks Assessment
NETWORK SECURITY
22. PKI
23. EndPoint Users security
24. Fortinet
25. NetScaler
26. SCADA
27. TCP/IP Stack
28. Asynchronous Transfer Mode (ATM)
29. Routing protocols
30. Data Center
31. Cisco ASA
32. VoIP
33. Real-Time / SCADA
34. SmartGrid (Training)
35. Wi-Fi
36. Virtualization
37. Wintel platform
38. McAfee EPO
39. SCCM
40. Scripting PowerShell
41. Microsoft End Point Devices
42. XEN (IPhone + IPad Management)
43. ISDN
44. SD-WAN
IT GOVERNANCE / METHODOLOGY
45. N.I.S Directive (Critical Infrastructure)
46. SoX section 404
47. ISO 27k / 22301
48. EBIOS
49. GDPR
50. Security Awareness
51. PCI-DSS
52. Several reports / policies / recommendations / rules / White papers /
DATA BASE
53. SQL (good knowledge)
54. Oracle (basis)
MONITORING
55. Qualys
56. SCCM
57. FORTINET
58. AD
59. SIEM-SOC: POC with SPLUNK / QRADAR
CrowdStrike (Training)
CRISC certified
Prince2 Training (Foundation + Practitioner)
SCRIPTING (PowerShell good knowledge)
University Grade
Master II (UTC Compiègne France)
Certification
ISACA CRISC
LANGUAGES
Dutch = good
English = good